Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

A newly identified malware family abuses the Outlook mail service for communication, via the Microsoft Graph API.

Russian hackers have been targeting government, defense, telecoms, and other organizations in a device code phishing campaign.

After governments announced sanctions against the Zservers/XHost bulletproof hosting service, Dutch police took 127 servers offline.

DeepSeek has temporarily paused downloads of its chatbot apps in South Korea while it works with local authorities to address privacy concerns.

Xerox released security updates to resolve pass-back attack vulnerabilities in Versalink multifunction printers.

In a signal move for the cybersecurity sector, identity and access management (IAM) vendor SailPoint has made its return to public markets.

The chief deputy attorney general of the agency sent an email on Wednesday that said nearly all of is computer systems were offline.

Former RNC official Sean Cairncross has been nominated for the post of National Cyber Director to streamline the US cybersecurity strategy.

In the latest edition of “Rising Tides” we talk with Lesley Carhart, Technical Director of Incident Response at Dragos.

Meta received close to 10,000 vulnerability reports and paid out over $2.3 million in bug bounty rewards in 2024.

Noteworthy stories that might have slipped under the radar: Google pays $10,000 bug bounty for YouTube vulnerability, Cybereason CEO sues two investors, Otorio launches new OT security tool.

People on the Move

The US arm of networking giant TP-Link has appointed Adam Robertson as Director of Information and Security.

Raj Dodhiawala has been named Chief Product Officer at Eclypsium.

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

More People On The Move
Windows vulnerability exploited Windows vulnerability exploited

ClearSky Cyber Security says it has seen a new Windows zero-day being exploited by a Chinese APT named Mustang Panda. 

zero-day flaw zero-day flaw

Rapid7 finds a new zero-day vulnerability in PostgreSQL and links it to chain of attacks against a BeyondTrust Remote Support product.

Cybersecurity M&A 2024 Cybersecurity M&A 2024

An analysis conducted by SecurityWeek shows that 405 cybersecurity-related mergers and acquisitions were announced in 2024.

Top Cybersecurity Headlines

A subgroup of the Russia-linked Seashell Blizzard is tasked with broad initial access operations to sustain long-term persistence.

The Microsoft Patch Tuesday machine hummed loudly this month with urgent fixes for a pair of already-exploited Windows zero-days.

Intel says roughly 100 of the 374 vulnerabilities it patched last year were firmware and hardware security defects.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Examine the state of cybersecurity in the context of quantum computing and artificial intelligence. Discuss the implications of the new White House administration’s cybersecurity policies and how they will influence the industry’s direction in 2025 and beyond.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Watch Now

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.(February 26, 2025)

Learn More

Supply Chain Security Summit
Join us as we explore the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. (March 19, 2025)

Learn More

Vulnerabilities

Cybercrime

McAfee and parent company Intel have developed what they’re calling a “reference implementation” to provide situational awareness and multi-zone protection to segments of the nation’s critical infrastructure.

Researchers at Trusteer have discovered a variant of Zeus with a P2P component that is targeting high profile sites such as Facebook, Google, Hotmail, and Yahoo in order to compromise debit and credit card data.The attacks being carried out by the P2P version of Zeus use a basic form of social engineering. Depending on the service being targeted at the time, users are presented with offers for additional security measures and rebates.

Microsoft says their new research on cloud computing shows that security may not be the impediment many perceive it to be.In a survey of 94 small to midsized businesses (SMBs) in the U.S. using the cloud and 93 that do not, it was revealed that of those who do:- 35 percent believe their business was more secure- 38 percent said they spent less time managing security

Vaultive, a provider of cloud data encryption solutions, today launched Vaultive for Hosted Exchange, an enterprise-class cloud data encryption solution that encrypts data-at-rest and data-in-use within Hosted Microsoft Exchange environments, while letting enterprise IT retain control of the encryption keys.

A start-up in Russia, backed by Microsoft, says they have developed technology that can stop BitTorrent-based filesharing. The Pirate Pay came into existence due to the growth of copyright infringement in Russia, and the mounting international pressure to stop it.One of the first companies to back Pirate Pay was Microsoft, who granted them $100,000 in seed money. Microsoft was soon followed by Walt Disney Studios and Sony Pictures in Russia, who hired the firm to protect the film, Vysotsky. Thanks...

You've heard it a thousand times before: information is power. The more data you have, the more insight and knowledge you possess. But what happens when your data stores grow so large that securing and managing them effectively is no longer in the cards? What happens when every new security control that's put in place to protect data is just another administrative burden—increasing the security event data that must be monitored, logged, shared between security components, analyzed, and reported on.How...

Backdoor Found In ZTE Android SmartphoneZTE, a handset manufacturer in China, has shipped Android smartphones to the U.S. with a fully enabled backdoor. The news of the backdoor came by way of an anonymous post to Pastebin, but was later confirmed by other researchers.[Updated 05/17 to Add ZTE Working On Patch for Backdoor Vulnerability]

Why are people talking about the Cyber Intelligence Sharing and Protection Act (CISPA) as really protecting the United States from cyber threats? The bill claims its goal is to share intelligence on Internet traffic to help “ensure the protection of our national networks against cyber threats.”

Adobe’s Photoshop is a key application within the marketing, advertising, sales, publishing and graphic design markets. Businesses that rely on images to move product use Adobe’s costly flagship product. So when code execution vulnerabilities were discovered in Photoshop 12 (CS5) it’s easy to think that a patch would not only be released, but that it would be free. Those thoughts couldn’t be further from the truth.

Department of Defense Widens of Defense Industrial Base (DIB) Cybersecurity Information Sharing InitiativesThe U.S. Department of Defense, working alongside the U.S. Department of Homeland Security, announced on Friday that they would expand the availability of the cybersecurity information assurance program launched last year.

The Internet Crime Complaint Center (IC3) released its 2011 Internet Crime Report on Thursday, revealing some of the top scams and cybercrime trends for the year.All totaled, the IC3 said it received and processed 314,246 complaints in 2011, averaging out to 26,000 complaints per month. These numbers represent a 3.4 percent increase over the number of complaints received in 2010. The reported dollar loss was $485.3 million.

TrustSphere, a company that provides reputation and messaging intelligence solutions, has released an email security product that leverages a social graph of trusted senders to block spam and reduce the number of messages erroneously sent to junk mail folders, while at the same time helping to defend against targeted attacks.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

San Francisco application security startup raises $100 million in a Series D funding round led by Menlo Ventures. 

Cloud Security

Application Security

APIs are easy to develop, simple to implement, and frequently attacked. They are  prime and lucrative targets for cybercriminals. 

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.